beautypg.com

Aaa authentication enable – Allied Telesis AT-S94 CLI (AT-8000S Series) User Manual

Page 41

background image

AAA Commands

Page 40

User Guidelines

The default and optional list names created with the aaa authentication login command are used with the

login authentication command.

Create a list by entering the aaa authentication login list-name method command for a particular protocol,

where list-name is any character string used to name this list. The method argument identifies the list of
methods that the authentication algorithm tries, in the given sequence.

The additional methods of authentication are used only if the previous method returns an error, not if it fails.

To ensure that the authentication succeeds even if all methods return an error, specify none as the final
method in the command line.

Example

The following example configures the authentication login.

aaa authentication enable

The aaa authentication enable Global Configuration mode command defines authentication method lists for
accessing higher privilege levels. Use the no form of this command to return to the default configuration.

Syntax

aaa authentication enable {default | list-name} method1 [method2...]

no aaa authentication enable {default | list-name}

Parameters

default — Uses the listed authentication methods that follow this argument as the default list of methods,

when using higher privilege levels.

list-name — Character string used to name the list of authentication methods activated, when using access

higher privilege levels (Range: 1-12 characters).

method1 [method2...] — Specify at least one from the following table:

Default Configuration

If the default list is not set, only the enable password is checked. This has the same effect as the command aaa
authentication enable default enable.

On the console, the enable password is used if it exists. If no password is set, the process still succeeds. This has
the same effect as using the command aaa authentication enable default enable none.

Console(config)# aaa authentication login default radius local enable none

K e y w o r d

D e s c r i p t i o n

enable

Uses the enable password for authentication.

line

Uses the line password for authentication.

none

Uses no authentication.

radius

Uses the list of all RADIUS servers for authentication. Uses username $enabx$.,
where x is the privilege level.

tacacs

Uses the list of all TACACS+ servers for authentication. Uses username
"$enabx$." where x is the privilege level.

See also other documents in the category Allied Telesis Computer hardware: